Helping AI Agents Network Securely

How to handle cybersecurity challenges posed by AI agents is about the hottest security topic

going at the moment.

If you're wondering why that is, it's because agents are built to take action, to do things

on our behalf.

And that challenge is a core assumption that's baked into company's security.

And that's that humans make the decisions.

Tailscale is a Canadian unicorn and one of the country's fastest growing tech companies.

Thanks in large part to its popularity with AI companies, and increasingly with the

bots too.

I'm Jennifer Strong, and this is Shift.

Now here on the steering column is a device called Auto Cruise, you simply set the speed

you want.

Self-driving Rubo Taxis are already on the road in two years.

As the disc rotates, a mirror reflects the light in the way that depends on how the signal

was recorded.

This is the 100-terabyte app circle.

I present to you the Electro, the model man, ladies and gentlemen.

I would say that one of my greatest skills is my ability to interact with humans.

This episode, it's the latest installment of our oral history project.

Framer is an enterprise-grade no-code website builder that gives designers and marketers

the ability to fully own a dot com without relying on engineers.

And it offers real-time collaboration, a flexible CMS with everything you need for SEO,

and hosting and security ready for scale.

It makes it possible to design, ship, and manage high-quality enterprise websites because

your marketing website sets the tone for your brand.

It's the one touch point every single one of your customers has, so if you still struggle

to make small changes in simple updates, you're leaving opportunity on the table.

That's why companies from early-stage startups to Fortune 500s are turning to Framer.

The website builder that turns your dot com from a formality you check the box on into

a tool for growth.

Some businesses build better websites faster.

And what surprised me about it?

These sites are full-featured and look like the cost of fortune.

So learn how you can get more out of your dot com from a Framer specialist or get started

building for free today at framer.com slash shift for 30% off a Framer pro annual plan.

That's framer.com slash shift for 30% off framer.com slash shift.

Rules and restrictions may apply.

When you're in that level-up mindset for your business, it's wild how much the basic

stuff matters, like how you talk to customers and keep your team on the same page.

A cleaner, more modern setup can make everything feel smoother, which is why today's episode

is sponsored by Quo, spelled Q-U-O, the modern alternative to run your business communications.

It's the number one rated business phone system on G2, with over 3,000 reviews built

for how modern teams work.

More than 90,000 businesses from solo operators to growing teams rely on Quo to stay connected,

professional, and consistently reachable.

Quo works wherever you are, right from an app on your phone or computer, and lets you keep

your existing number.

Plus, it's easy.

Calls, texts, voicemails, transcripts, and contact details all live in one clean view with

full context at your fingertips.

Whether your team communicates faster, stays aligned, and delivers a more personal experience.

Make this the year where no opportunity and no customer slips away.

Try Quo for free, plus get 20% off your first six months when you go to Quo.com slash shift.

That's q-u-o.com slash shift.

Quo, no missed calls, no missed customers.

TailScale is a network layer that allows you to connect all your devices to all your

other devices in the simplest possible way, regardless of firewalls and stuff like that.

It's starting to become popular not just for humans, but for bots to talk to each other.

Hi, I'm Avery Penren.

I'm the CEO and co-founder at TailScale.

Last year, we raised our series C fund a ground for $160 million, so I guess you can

say we're serious.

We've got tens of thousands of paying customers around the world, and people are using

us for all kinds of interesting things.

Anything that requires one computer to talk to another.

The simplest example is if you want to send an image from your phone to your laptop,

and they're not both Apple devices.

There's basically no tool that can do that without uploading to the cloud and back.

TailScale just lets you do that by connecting those two things directly to each other, even

though they're not necessarily on the same network.

The new big risk, and it's both exciting and super scary, is called Ingenit AI.

Ingenit AI actually runs commands on your behalf, on your computer.

There's not just the LLM and the Sky that can just be stateless and delete its content

when it's done.

There's also this program on your computer that has all the access rights of your computer.

If it has access to secret keys or the ability to get into your Gmail or the ability to run

programs on your computer, it can do anything that you can do.

It can do it really, really fast compared to humans.

If someone gets control of that agent, which is possible to do because the agents are

still remarkably gullible compared to a regular human.

If it goes out, you tell it to do a research project and it downloads something from the

web and that the research it does contains a special string that triggers it to take

all the keys from your computer and upload them to some website.

It will just happily do that because it thinks that's what you ask it to do.

That risk is just like, wow, humans make a lot of mistakes too, but these things make

a lot of very scary mistakes and can be consistently manipulated because you can test it at

home, you can figure out what tricks it, and then you can post that onto a website for

other people to download.

The most important thing you need is just to understand like, this thing is beautiful,

it's really powerful, but it needs to be kept in a box and you can't give it access

to anything so sensitive that you can't afford to lose it.

That kind of visibility and the ability to let people run wild with it, but also if

something starts to go wrong to pull it back really quickly.

If something goes wrong and you didn't pull it back, at least you need to be able to

trace what the heck happened.

TailScale started back in 2019, me and my two co-founders, David Carnie and David Crosha

got together and they, the sort of the joke behind the name TailScale is its the opposite

of InternetScale, so we observed that like some stuff that should be easy is not easy

because everything suddenly has to be CloudScale and expect a billion users.

We're like, okay, look, what's something that should be easy, but it's like creating

a dashboard for my team.

I just want like a list of the stuff that's going on related to like my build system or

statistics about product deployment or something like that and it's really hard to build

a dashboard for your team or it was in 2019 because the top two reasons are like, how

do I get my team connected to this thing and how do I keep people who are not my team

from accessing this thing and it turned out this is just a really hard problem.

It comes down to networking plus security and so TailScale we decided to solve just

that to start with and I think we were pretty successful.

TailScale makes all the friction from that stuff go away and initially we were mostly

for individuals, we grew into like bigger and bigger companies, now we've got multiple

Fortune 500 companies rolling out TailScale across the whole organization because we

built from there to like, hey, we can take on all of this stuff that is not necessarily

running your production service for billions of users but all of the other stuff that your

business needs to do that is not running your business for billions of users.

The interesting thing about the AI movement and I certainly didn't see this coming in 2019,

I was hoping for the pendulum to sort of swing back from like everything needs to run in

the cloud and be overcomplicated to like, hey, I can build my own tools and I don't have

to license everything.

I didn't expect the way that would happen would be that agentic coding tools would show

up and make it possible for anybody even with no coding experience to suddenly be able

to make their own tools, right?

But now they can and that so it's extra important like once you've made your own tools you need

to be able to put them somewhere safe so that your team can connect to them so that people

are not and your team cannot connect to them, right?

And there's a lot of people out there right now exploring the world of agentic AI and

they don't have this fundamental safety feature.

And so like, oh, I built this cool tool, I'm going to stick it in a cloud server and put

it on the internet.

It's like, okay, now you've gone one step too far.

It's wonderful that you a non-coder or a junior coder can build these wonderful things

now, but you really should not just blindly post them on the internet because you're going

to get in trouble.

They're going to get discovered in the first like three seconds because there's this thing

called the certificate transparency log.

So as soon as you make a host name for your service, somebody who runs a botnet is going

to see that you made a certificate for this service and they're going to go straight to

your website and start looking for security holes.

Like literally this happens in the first few seconds after you put your website up, right?

So it's very dangerous for someone without any security training, just to publish something

on the internet for billions of people to try to attack.

What tail scale makes it easy to do, this is our original reason for being, is to publish

that stuff only on an internal network that only you and your friends and coworkers can

see, right?

And it's turned out in the AI world that this is extremely useful, right?

Now you can have one agent or you can have a hundred agents all talking to each other

and they can talk to each other on your tailnet, which is the tail scale network, right?

And they can be relatively safe inside that tailnet.

They can publish tools for each other.

They can share tools with other people on your team and it's all in this nice controlled

environment.

Now it's possible for them to escape from that environment.

There's this new thing called Claude bot, which I think has been renamed since then to

Moltbot and then renamed again to OpenClaw.

When it's install instructions on the day it came out, it said, if you want to run this

securely, you should use it with tail scale.

And we were like, well, now we have a lot more visits to our website from these automated

agents that go and install tail scale for you.

But on the downside, I think you should add like a few asterisks towards securely because

like tail scale, it's pretty secure, but OpenClaw just goes bananas and runs whatever it wants

to run, right?

I think it's great that people are experimenting with that stuff.

It's very hard to give something absolutely no guardrails and have it end up being safe.

So we are working on trying to create a world where you get that kind of freedom and make

even sort of insane ideas like OpenClaw actually safe.

And I think we're getting there.

I think it is, I mean, the revolution is happening.

I've talked to CIOs and CISOs who are telling me that this is the first year in many years

that their budget for buying SaaS products software as a service is actually going down

for the first time, right?

And their budget for building and running internal tools is going up because they're seeing

like all of these like special custom tools that are designed for everyone in the world,

like imagine a calendaring app, right?

Your calendaring app has to be perfect for everybody in order to be able to sell it, right?

But if you want a calendar app that's perfect for you, it can be a much smaller app that's

much quicker to build because you never have to sell it to 100 more people, right?

Now it's possible to just ask your AI to build one for you and then if you don't like

the colors, if you don't like the way the button is located, you can just move it around.

And suddenly like the world of like totally custom everything is possible.

It kind of reminds me of like a hundred years ago.

There's the story of like Ford and you can have any color you want as long as it's black.

And then not long after GM showed up and as the story goes, they're like, you know what?

You can have multiple colors, right?

And so initially there is the industrial revolution and like, isn't it great?

We can mass produce cars for the first time, like great achievement.

And everybody had a black car, but they wanted something else.

They wanted mass customization.

And the first step in mass customization was like, okay, we figured out how to mass produce

things and mass customize things, right?

So here we are in a software world where people can actually mass customize software for

the first time.

And we really need mass customized like anybody now in the world who can afford a cloud

account or an open AI account or a Gemini account can go build the thing that they want, right?

And so I hear from people a lot that this is going to eliminate the need for software

developers or something like that.

And I find I personally find that very hard to believe what it's going to do is raise

the demand for humans to build cool stuff that we never would have been able to build

in the past, right?

Suddenly everybody is going to want custom software, right?

The ability to get cars in multiple colors did not reduce the demand for cars, right?

And it certainly didn't reduce the demand for car manufacturers, right?

Just meant all of a sudden there's more car manufacturers and more cars than there's

ever been before.

The interesting thing about tail scale in this AI world, I'm watching a whole bunch of

companies all around us adopting AI as fast as they can because they see it as sort of

an existential threat.

Like if I make a calendaring app, there's a chance that my entire business is going to collapse

because a million people can now build a million calendaring app.

So I have to move, make my company go as fast as possible in order to make sure that my

calendaring app is so much better than the one you can vibe code yourself in an hour that

you won't want to drop mine, right?

That's a really hard problem.

And I have a lot of sympathy for software companies, the executives who run those things

and the investors in them is like, wow, you've got a tough job because suddenly everybody

can start a two person calendaring app that will solve a lot of problems that yours already

solves.

Tail scale is in this interesting position.

I went to a presentation a few weeks ago and somebody was telling me about how there's

going to be like SRE bots.

You're going to have like, you know, spin up 30 SRE agents and they're going to run all

of your corporate systems and they're going to write tariff on files for you and you don't

have to do it yourself anymore.

And what I took out of that is like, wow, so you have this imagination of a sci-fi future

where bots are doing everything and those bots are still using tariff form exactly the way

it is today, right?

And why is that?

I think it's true.

I think that is an accurate prediction for the future and why because everybody is in

such a hurry to build cool new stuff on top of the platform that we have that they don't

feel the need to redesign the platform, even like a platform that has problems.

Now you can just like create some more bots to work around the problem for you, right?

And that's like both amazing and terrifying because it's amazing because now all these

problems that we're holding you back, you can just throw money in bots at the problem

and they will work around the problems.

So on the other hand, it's terrifying because like we already have way too many layers

in our stack.

The stack is already way too complicated and it kind of reduces the incentive to clean

up some of that stuff, right?

So it makes me a little bit sad from the sense of like, hey, wouldn't it be nice if we

did clean up some of these things that have accumulated, right?

The reason tariff form exists is a bunch of stuff that probably shouldn't be there that

shouldn't be so complicated and tariff form is like this layer on top that makes it a

little bit nicer to deal with.

But on the upside, like from a selfish point of view, I think tail scale is in that bin

as well.

Tail scale, you know, takes the internet, which is a complicated place and makes it feel

simple.

And it's a layer on top that AI's are already recommending to people.

Like at this point, I think a few months ago or a couple months ago, we crossed the threshold

where more visits to our website were triggered by people asking for advice from an AI than

from searching the internet, right?

AI is just saying like, hey, you know, oh, you need to connect these things together in

a safe way.

You should just use tail scale for this.

And once you're in, I think it's really hard to dislod you because networks have the

network effect that's where the term came from originally is like where the more people

use the network, the more valuable it becomes.

And so tail scale is ironically in this position where we make a tool for the people who are

early adopting AI to try to be safer, but we're actually taking a really measured and

careful approach to AI internally because we don't see it as an existential threat because

we're already the infrastructure that AI runs on, if that makes sense.

And so our job is to go a little bit slower than everybody else and be way more careful

than everybody else and build this really, really strong foundation so that when you go

nuts and run all these tools that are super dangerous, you're going to be in less trouble.

And that's an interesting experience internally where we're like, yeah, AI tools are great.

We're going to use AI tools more carefully than anybody else.

We're going to use them because they're good, but we're not going to go out in a limb.

We are going to be a good example for everybody else of how to do this properly.

And that is basically our product.

Our product is, here's an example, a role model for how you should do things if you want

to do things in a mature way.

This episode was produced by me and Emma Silicon's and mixed by Garrett Lang with original

music from him and Jacob Gorski.

Thanks for listening.

I'm Jennifer Strong.